WS_FTP Server Directory Traversal
CVE-2023-42657

9.9CRITICAL

Key Information:

Vendor: Progress Software
Status: Ws Ftp Server
Vendor: CVE Published:; 27 September 2023

🔔 Create Progress Software Vulnerability Alert

What is CVE-2023-42657?

A directory traversal vulnerability exists in WS_FTP Server versions prior to 8.7.4 and 8.8.2, allowing attackers to perform unauthorized file operations. Attackers can exploit this flaw to access and manipulate files and directories beyond their designated WS_FTP folder path, potentially leading to the deletion, renaming, creation, or removal of files and folders within the underlying operating system.

Affected Version(s)

WS_FTP Server 8.8.0

WS_FTP Server 8.8.0 < 8.8.2

WS_FTP Server 8.7.0 < 8.7.4

References

https://www.progress.com/ws_ftp

product

https://community.progress.com/s/article/WS-FTP-Server-Cr...

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Sep 12, 2023